aws-ssm-ec2-proxy-command
Prerequisites
- Local Setup
- Ensure Your IAM Permissions
- IAM Policy Example
  - ssm:StartSession for DocumentName: AWS-StartSSHSession and Target Instance
  - ssm:SendCommand for DocumentName: AWS-RunShellScript and Target Instance
- Target Instance Setup
- Ensure SSM Permissions for Target Instance Profile
- Ensure SSM Agent is installed (preinstalled on all AWS Linux AMIs already)
- Install SSM Agent on Linux Instances
yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm && service amazon-ssm-agent restart
- SSM Agent on Windows Instances
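The two permissions listed under "IAM Policy Example", written out as a policy scoped to a single target instance. This is an added example, not the project's own policy; the region (eu-central-1), account ID (111122223333) and instance ID (i-0123456789abcdef0) are constructed placeholders to replace with your own values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "StartSshSessionOnTargetInstance",
      "Effect": "Allow",
      "Action": "ssm:StartSession",
      "Resource": [
        "arn:aws:ssm:*:*:document/AWS-StartSSHSession",
        "arn:aws:ec2:eu-central-1:111122223333:instance/i-0123456789abcdef0"
      ]
    },
    {
      "Sid": "RunShellScriptOnTargetInstance",
      "Effect": "Allow",
      "Action": "ssm:SendCommand",
      "Resource": [
        "arn:aws:ssm:*:*:document/AWS-RunShellScript",
        "arn:aws:ec2:eu-central-1:111122223333:instance/i-0123456789abcdef0"
      ]
    }
  ]
}
```

ssm:SendCommand with AWS-RunShellScript lets the principal run arbitrary shell commands on the instance, and SSM Agent executes them as root on Linux, so keep the instance resource as narrow as you can rather than using instance/*.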
Install SSH Proxy Command
- Move proxy command script aws-ssm-ec2-proxy-command.sh to ~/.ssh/aws-ssm-ec2-proxy-command.sh
- Ensure it is executable (chmod +x ~/.ssh/aws-ssm-ec2-proxy-command.sh)
Setup SSH Config
- Add ssh config entry for aws ec2 instances to your ~/.ssh/config. Adjust key file path if needed.
    host i-* mi-*
      IdentityFile ~/.ssh/id_rsa
      ProxyCommand ~/.ssh/aws-ssm-ec2-proxy-command.sh %h %r %p ~/.ssh/id_rsa.pub
      StrictHostKeyChecking no
Open SSH Connection
ssh <INSTANCE_USER>@<INSTANCE_ID>
- Ensure AWS CLI environment variables are set properly
  - e.g. AWS_PROFILE='default' ssh [email protected]
- If the default region does not match the instance region, you need to provide it like this
AWS_PROFILE='default' ssh <INSTANCE_USER>@<INSTANCE_ID>--<INSTANCE_REGION>
- e.g.
TODO
Add variant to send ssh key by ec2-instance-connect:SendSSHPublicKey